Webhook Security

In order for webhooks to work appropriately, the /flexdeploy/webhooks/v1 resource needs to be available for the system sending the webhook. This often means the endpoint needs to be publicly available which poses its own problems and security concerns which this document aims to address.

Warning

Before configuring any security or tunneling for webhooks, your security team should be engaged and approve the process.

Allowing webhooks into your FlexDeploy application

The easiest way to accomplish this is by using what is known as a 'reverse proxy'. A reverse proxy is the same as a normal proxy except it intercepts inbound traffic and routes to your application, whereas a normal proxy intercepts outbound traffic. Typically, the reverse proxy